CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.021 Low
Percentile: 89.2%

The newspost program uses a function named socket_getline to read
server responses from the network socket. Unfortunately, this function
does not check the length of the buffer in which the read data is stored
and stops reading only when a newline character is found.
A malicious NNTP server could use this bug to cause a buffer overflow
by sending an overly long response. Such an overflow allows arbitrary
code to be executed, with the privileges of the newspost process, on the
affected systems.
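
The following is an added example, not newspost's source code or its actual fix. It shows a line reader that takes the buffer size and refuses to store past it. The names bounded_getline and demo_line are hypothetical, and the sample responses are constructed.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Pattern the advisory describes (illustrative, not newspost's source):
 *   while (read(fd, &c, 1) == 1) { buf[i++] = c; if (c == '\n') break; }
 * The only stop condition is '\n', so the peer controls how much is written.
 * Hypothetical hardened reader: never stores more than `size` bytes, NUL
 * included. Returns the line length, -1 on error or EOF before '\n', and
 * -2 if the line did not fit (the excess is drained and discarded). */
ssize_t bounded_getline(int fd, char *buf, size_t size)
{
    size_t i = 0;
    int truncated = 0;
    char c;
    if (buf == NULL || size == 0)
        return -1;
    for (;;) {
        ssize_t n = read(fd, &c, 1);
        if (n <= 0) {            /* error or peer closed before '\n' */
            buf[0] = '\0';
            return -1;
        }
        if (c == '\n')
            break;
        if (i + 1 < size)        /* always keep one byte for the NUL */
            buf[i++] = c;
        else
            truncated = 1;       /* keep reading, stop storing */
    }
    buf[i] = '\0';
    return truncated ? -2 : (ssize_t)i;
}

/* Constructed demo: feed a response through a pipe and return the result. */
ssize_t demo_line(const char *response, char *buf, size_t size)
{
    int p[2];
    if (pipe(p) != 0)
        return -1;
    ssize_t w = write(p[1], response, strlen(response));
    close(p[1]);
    ssize_t r = (w < 0) ? -1 : bounded_getline(p[0], buf, size);
    close(p[0]);
    return r;
}

int main(void) { char b[16]; return demo_line("200 ok\n", b, sizeof b) == 6 ? 0 : 1; }
```

A caller should treat -2 as a protocol error and close the connection. A production client would also bound how many bytes it drains and set a read timeout, so a server that never sends a newline cannot stall it.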